Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright (c) OSGi Alliance (2010, 2011). All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
   *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.osgi.service.coordinator;
 
 import java.util.List;
 import java.util.Map;
 
A bundle's authority to create or use a Coordination.

CoordinationPermission has three actions: initiate, participate and admin.

Version:
$Id: 5c0e011abe0732906361e08819354ec794e1e2fd $
ThreadSafe:
 
 public class CoordinationPermission extends BasicPermission {
 
 	private static final long	serialVersionUID	= 1L;

The action string initiate.
 
 	public final static String	INITIATE"initiate";
The action string participate.
 
 	public final static String	PARTICIPATE"participate";
The action string admin.
 
 	public final static String	ADMIN"admin";
 
 	private final static int						ACTION_INITIATE		= 0x00000001;
 	private final static int						ACTION_PARTICIPATE	= 0x00000002;
 	private final static int						ACTION_ADMIN		= 0x00000004;
 	private final static int						ACTION_ALL
 	final static int								ACTION_NONE			= 0;

The actions mask.
 
 	transient int									action_mask;

The actions in canonical form.

Serial:
 
 	private volatile String							actionsnull;

The bundle used by this CoordinationPermission.
 
 	transient final Bundle							bundle;

If this CoordinationPermission was constructed with a filter, this holds a Filter matching object used to evaluate the filter in implies.
 
 	transient Filter								filter;

This map holds the properties of the permission, used to match a filter in implies. This is not initialized until necessary, and then cached in this object.
	private transient volatile Map<StringObject>	properties;

Creates a new granted CoordinationPermission object. This constructor must only be used to create a permission that is going to be checked.

Examples:

 (coordination.name=com.acme.*)
 (&(signer=\*,o=ACME,c=US)(coordination.name=com.acme.*))
 (signer=\*,o=ACME,c=US)
 

When a signer key is used within the filter expression the signer value must escape the special filter chars ('*', '(', ')').

The name is specified as a filter expression. The filter gives access to the following attributes:

  • signer - A Distinguished Name chain used to sign the exporting bundle. Wildcards in a DN are not matched according to the filter string rules, but according to the rules defined for a DN chain.
  • location - The location of the exporting bundle.
  • id - The bundle ID of the exporting bundle.
  • name - The symbolic name of the exporting bundle.
  • coordination.name - The name of the requested coordination.
Filter attribute names are processed in a case sensitive manner.

Parameters:
filter A filter expression. Filter attribute names are processed in a case sensitive manner. A special value of "*" can be used to match all coordinations.
actions admin, initiate or participate (canonical order).
Throws:
java.lang.IllegalArgumentException If the filter has an invalid syntax.
	public CoordinationPermission(String filterString actions) {
		this(parseFilter(filter), parseActions(actions));
	}

Creates a new requested CoordinationPermission object to be used by the code that must perform checkPermission. CoordinationPermission objects created with this constructor cannot be added to an CoordinationPermission permission collection.

Parameters:
coordinationName The name of the requested Coordination.
coordinationBundle The bundle which created the requested Coordination.
actions admin, initiate or participate (canonical order).
	public CoordinationPermission(String coordinationName,
			Bundle coordinationBundleString actions) {
		super(coordinationName);
		setTransients(nullparseActions(actions));
		this. = coordinationBundle;
		if (coordinationName == null) {
			throw new NullPointerException("coordinationName must not be null");
		}
		if (coordinationBundle == null) {
					"coordinationBundle must not be null");
		}
	}

Package private constructor used by CoordinationPermissionCollection.

Parameters:
filter name filter
mask action mask
	CoordinationPermission(Filter filterint mask) {
		super((filter == null) ? "*" : filter.toString());
		setTransients(filtermask);
		this. = null;
	}

Called by constructors and when deserialized.

Parameters:
filter Permission's filter or null for wildcard.
mask action mask
	private void setTransients(Filter filterint mask) {
		this. = filter;
		if ((mask == ) || ((mask & ) != mask)) {
			throw new IllegalArgumentException("invalid action string");
		}
		this. = mask;
	}

Parse action string into action mask.

Parameters:
actions Action string.
Returns:
action mask.
	private static int parseActions(String actions) {
		boolean seencomma = false;
		int mask = ;
		if (actions == null) {
			return mask;
		}
		char[] a = actions.toCharArray();
		int i = a.length - 1;
		if (i < 0)
			return mask;
		while (i != -1) {
			char c;
			// skip whitespace
			while ((i != -1)
					&& ((c = a[i]) == ' ' || c == '\r' || c == '\n'
							|| c == '\f' || c == '\t'))
				i--;
			// check for the known strings
			int matchlen;
			if (i >= 4 && (a[i - 4] == 'a' || a[i - 4] == 'A')
					&& (a[i - 3] == 'd' || a[i - 3] == 'D')
					&& (a[i - 2] == 'm' || a[i - 2] == 'M')
					&& (a[i - 1] == 'i' || a[i - 1] == 'I')
					&& (a[i] == 'n' || a[i] == 'N')) {
				matchlen = 5;
				mask |= ;
			}
			else
				if (i >= 7 && (a[i - 7] == 'i' || a[i - 7] == 'I')
						&& (a[i - 6] == 'n' || a[i - 6] == 'N')
						&& (a[i - 5] == 'i' || a[i - 5] == 'I')
						&& (a[i - 4] == 't' || a[i - 4] == 'T')
						&& (a[i - 3] == 'i' || a[i - 3] == 'I')
						&& (a[i - 2] == 'a' || a[i - 2] == 'A')
						&& (a[i - 1] == 't' || a[i - 1] == 'T')
						&& (a[i] == 'e' || a[i] == 'E')) {
					matchlen = 8;
					mask |= ;
				}
				else {
					if (i >= 10 && (a[i - 10] == 'p' || a[i - 10] == 'P')
							&& (a[i - 9] == 'a' || a[i - 9] == 'A')
							&& (a[i - 8] == 'r' || a[i - 8] == 'R')
							&& (a[i - 7] == 't' || a[i - 7] == 'T')
							&& (a[i - 6] == 'i' || a[i - 6] == 'I')
							&& (a[i - 5] == 'c' || a[i - 5] == 'C')
							&& (a[i - 4] == 'i' || a[i - 4] == 'I')
							&& (a[i - 3] == 'p' || a[i - 3] == 'P')
							&& (a[i - 2] == 'a' || a[i - 2] == 'A')
							&& (a[i - 1] == 't' || a[i - 1] == 'T')
							&& (a[i] == 'e' || a[i] == 'E')) {
						matchlen = 11;
					}
					else {
						// parse error
								"invalid permission: " + actions);
					}
				}
			// make sure we didn't just match the tail of a word
			// like "ackbarfadmin". Also, skip to the comma.
			seencomma = false;
			while (i >= matchlen && !seencomma) {
				switch (a[i - matchlen]) {
					case ',' :
						seencomma = true;
						/* FALLTHROUGH */
					case ' ' :
					case '\r' :
					case '\n' :
					case '\f' :
					case '\t' :
						break;
					default :
								"invalid permission: " + actions);
				}
				i--;
			}
			// point i at the location of the comma minus one (or -1).
			i -= matchlen;
		}
		if (seencomma) {
			throw new IllegalArgumentException("invalid permission: " + actions);
		}
		return mask;
	}

Parse filter string into a Filter object.

Parameters:
filterString The filter string to parse.
Returns:
a Filter for this bundle.
Throws:
java.lang.IllegalArgumentException If the filter syntax is invalid.
	private static Filter parseFilter(String filterString) {
		filterString = filterString.trim();
		if (filterString.equals("*")) {
			return null;
		}
		try {
			return FrameworkUtil.createFilter(filterString);
		}
					"invalid filter");
			iae.initCause(e);
			throw iae;
		}
	}

Determines if the specified permission is implied by this object.

This method checks that the filter of the target is implied by the coordination name of this object. The list of CoordinationPermission actions must either match or allow for the list of the target object to imply the target CoordinationPermission action.

Parameters:
p The requested permission.
Returns:
true if the specified permission is implied by this object; false otherwise.
	public boolean implies(Permission p) {
		if (!(p instanceof CoordinationPermission)) {
			return false;
		}
		if ( != null) {
			return false;
		}
		// if requested permission has a filter, then it is an invalid argument
		if (requested.filter != null) {
			return false;
		}
		return implies0(requested);
	}

Internal implies method. Used by the implies and the permission collection implies methods.

Parameters:
requested The requested CoordinationPermission which has already be validated as a proper argument. The requested CoordinationPermission must not have a filter expression.
effective The effective actions with which to start.
Returns:
true if the specified permission is implied by this object; false otherwise.
	boolean implies0(CoordinationPermission requestedint effective) {
		/* check actions first - much faster */
		effective |= ;
		final int desired = requested.action_mask;
		if ((effective & desired) != desired) {
			return false;
		}
		/* Get filter */
		Filter f = ;
		if (f == null) {
			// it's "*"
			return true;
		}
		return f.matches(requested.getProperties());
	}

Returns the canonical string representation of the CoordinationPermission actions.

Always returns present CoordinationPermission actions in the following order: admin, initiate, participate.

Returns:
Canonical string representation of the CoordinationPermission actions.
	public String getActions() {
		String result = ;
		if (result == null) {
			StringBuffer sb = new StringBuffer();
			boolean comma = false;
			int mask = ;
			if ((mask & ) == ) {
				comma = true;
			}
			if ((mask & ) == ) {
				if (comma)
					sb.append(',');
				comma = true;
			}
			if ((mask & ) == ) {
				if (comma)
					sb.append(',');
				comma = true;
			}
			 = result = sb.toString();
		}
		return result;
	}

Returns a new PermissionCollection object suitable for storing CoordinationPermission objects.

Returns:
A new PermissionCollection object.
	}

Determines the equality of two CoordinationPermission objects. This method checks that specified permission has the same name and CoordinationPermission actions as this CoordinationPermission object.

Parameters:
obj The object to test for equality with this CoordinationPermission object.
Returns:
true if obj is a CoordinationPermission, and has the same name and actions as this CoordinationPermission object; false otherwise.
	public boolean equals(Object obj) {
		if (obj == this) {
			return true;
		}
		if (!(obj instanceof CoordinationPermission)) {
			return false;
		}
		return ( == cp.action_mask)
				&& (( == cp.bundle) || (( != null) && 
						.equals(cp.bundle)));
	}

Returns the hash code value for this object.

Returns:
A hash code value for this object.
	public int hashCode() {
		int h = 31 * 17 + getName().hashCode();
		h = 31 * h + getActions().hashCode();
		if ( != null) {
			h = 31 * h + .hashCode();
		}
		return h;
	}

WriteObject is called to save the state of this permission object to a stream. The actions are serialized, and the superclass takes care of the name.
	private synchronized void writeObject(java.io.ObjectOutputStream s)
			throws IOException {
		if ( != null) {
			throw new NotSerializableException("cannot serialize");
		}
		// Write out the actions. The superclass takes care of the name
		// call getActions to make sure actions field is initialized
		if ( == null)
	}

readObject is called to restore the state of this permission from a stream.
	private synchronized void readObject(java.io.ObjectInputStream s)
		// Read in the action, then initialize the rest
	}

Called by <@link CoordinationPermission#implies(Permission)>. This method is only called on a requested permission which cannot have a filter set.

Returns:
a map of properties for this permission.
	private Map<StringObjectgetProperties() {
		Map<StringObjectresult = ;
		if (result != null) {
			return result;
		}
		final Map<StringObjectmap = new HashMap<StringObject>(5);
		map.put("coordination.name"getName());
		if ( != null) {
			AccessController.doPrivileged(new PrivilegedAction<Object>() {
				public Object run() {
					map.put("id"new Long(.getBundleId()));
					map.put("location".getLocation());
					if (name != null) {
						map.put("name"name);
					}
					if (signer.isBundleSigned()) {
						map.put("signer"signer);
					}
					return null;
				}
			});
		}
		return  = map;
	}
Package private class used for filter matching on signer key during filter expression evaluation in the permission implies method.

Immutable:
final class SignerProperty {
	private final Bundle	bundle;
	private final String	pattern;

String constructor used by the filter matching algorithm to construct a SignerProperty from the attribute value in a filter expression.

Parameters:
pattern Attribute value in the filter expression.
	public SignerProperty(String pattern) {
		this. = pattern;
		this. = null;
	}

Used by the permission implies method to build the properties for a filter match.

Parameters:
bundle The bundle whose signers are to be matched.
		this. = bundle;
		this. = null;
	}

Used by the filter matching algorithm. This methods does NOT satisfy the normal equals contract. Since the class is only used in filter expression evaluations, it only needs to support comparing an instance created with a Bundle to an instance created with a pattern string from the filter expression.

Parameters:
o SignerProperty to compare against.
Returns:
true if the DN name chain matches the pattern.
	public boolean equals(Object o) {
		if (!(o instanceof SignerProperty))
			return false;
		Bundle matchBundle =  != null ?  : other.bundle;
		String matchPattern =  != null ? other.pattern : ;
		Map<X509CertificateList<X509Certificate>> signers = matchBundle
		for (List<X509CertificatesignerCerts : signers.values()) {
			List<StringdnChain = new ArrayList<String>(signerCerts.size());
			for (X509Certificate signerCert : signerCerts) {
				dnChain.add(signerCert.getSubjectDN().getName());
			}
			try {
				if (FrameworkUtil.matchDistinguishedNameChain(matchPattern,
						dnChain)) {
					return true;
				}
			}
				continue// bad pattern
			}
		}
		return false;
	}

Since the equals method does not obey the general equals contract, this method cannot generate hash codes which obey the equals contract.
	public int hashCode() {
		return 31;
	}

Check if the bundle is signed.

Returns:
true if constructed with a bundle that is signed.
	boolean isBundleSigned() {
		if ( == null) {
			return false;
		}
		return !signers.isEmpty();
	}
Stores a set of CoordinationPermission permissions.

	static final long										serialVersionUID	= -3350758995234427603L;
Collection of permissions.

Serial:
GuardedBy:
this
Boolean saying if "*" is in the collection.

Serial:
GuardedBy:
this
	private boolean								all_allowed;

Create an empty CoordinationPermissions object.
		 = false;
	}

Adds a permission to this permission collection.

Parameters:
permission The CoordinationPermission object to add.
Throws:
java.lang.IllegalArgumentException If the specified permission is not a CoordinationPermission instance or was constructed with a Bundle object.
java.lang.SecurityException If this CoordinationPermissionCollection object has been marked read-only.
	public void add(final Permission permission) {
		if (!(permission instanceof CoordinationPermission)) {
			throw new IllegalArgumentException("invalid permission: "
permission);
		}
		if (isReadOnly()) {
			throw new SecurityException("attempt to add a Permission to a "
"readonly PermissionCollection");
		}
		final CoordinationPermission cp = (CoordinationPermissionpermission;
		if (cp.bundle != null) {
			throw new IllegalArgumentException("cannot add to collection: "
cp);
		}
		final String name = cp.getName();
		synchronized (this) {
			final CoordinationPermission existing = pc.get(name);
			if (existing != null) {
				final int oldMask = existing.action_mask;
				final int newMask = cp.action_mask;
				if (oldMask != newMask) {
					pc.put(namenew CoordinationPermission(existing.filter,
							oldMask
newMask));
				}
			}
			else {
				pc.put(namecp);
			}
			if (!) {
				if (name.equals("*")) {
					 = true;
				}
			}
		}
	}

Determines if the specified permissions implies the permissions expressed in permission.

Parameters:
permission The Permission object to compare with this CoordinationPermission object.
Returns:
true if permission is a proper subset of a permission in the set; false otherwise.
	public boolean implies(final Permission permission) {
		if (!(permission instanceof CoordinationPermission)) {
			return false;
		}
		final CoordinationPermission requested = (CoordinationPermissionpermission;
		/* if requested permission has a filter, then it is an invalid argument */
		if (requested.filter != null) {
			return false;
		}
		synchronized (this) {
			/* short circuit if the "*" Permission was added */
			if () {
				CoordinationPermission cp = pc.get("*");
				if (cp != null) {
					effective |= cp.action_mask;
					final int desired = requested.action_mask;
					if ((effective & desired) == desired) {
						return true;
					}
				}
			}
			perms = pc.values();
		}
		/* iterate one by one over filteredPermissions */
		for (CoordinationPermission perm : perms) {
			if (perm.implies0(requestedeffective)) {
				return true;
			}
		}
		return false;
	}

Returns an enumeration of all CoordinationPermission objects in the container.

Returns:
Enumeration of all CoordinationPermission objects.
	public synchronized Enumeration<Permissionelements() {
		return Collections.enumeration(all);
	}
	/* serialization logic */
	private static final ObjectStreamField[]	serialPersistentFields	= {
			new ObjectStreamField("permissions"HashMap.class),
			new ObjectStreamField("all_allowed".)			};
	private synchronized void writeObject(ObjectOutputStream out)
			throws IOException {
		pfields.put("permissions");
		pfields.put("all_allowed");
	}
	private synchronized void readObject(java.io.ObjectInputStream in)
				"permissions"null);
		 = gfields.get("all_allowed"false);
	}
New to GrepCode? Check out our FAQ X